Отправить #593099: Upsonic <=v0.55.6 DeserializationИнформация

Название	Upsonic <=v0.55.6 Deserialization
Описание	When user is runing Upsonic, attacker via /tools/add_tool to achieve RCE by sending carefully crafted data. Because cloudpickle.loads(decoded_function) function is Unsafe Deserialization
Источник	⚠️ https://github.com/Upsonic/Upsonic/issues/353
Пользователь	Anonymous User
Представление	09.06.2025 10:56 (11 месяцы назад)
Модерация	19.06.2025 08:53 (10 days later)
Статус	принято
Запись VulDB	313283 [Upsonic до 0.55.6 Pickle /tools/add_tool cloudpickle.loads эскалация привилегий]
Баллы	16

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!